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REMARKS 

The substitute specification filed September 22, 2005 has not been entered because it 
does not conform to 37 CRF 1 .125(b) and (c). The disclosure is objected to because on page 6, 
line 6, the "the gateway" is referenced using the incorrect ref. no. 102 instead of the correct ref. 
no. 103. Claims 21-25 are objected to under 37 CRF 1.75 as being a substantial duplicate of 
claims 7-9, 11, and 17. Claim 26 is rejected under 35 U.S.C. 101 because the claimed invention 
is directed to non-statutory subject matter. Claims 7-26 are rejected under 35 U.S.C. 103(a) as 
being obvious over Furuno (US 2003/0167343) in view of Lewis et al. (US 2006.0107060). 

Response Regarding Specification 

Applicant has presented a marked-up and a clean substitute specification for entry, in 
response to examiner's request. Applicant has also corrected the informality noted by Examiner 
via the substitute specification. 

Response to Claim Objections: 

Applicant has canceled claims 21-29. 

Response to Rejections Under Section 112: 
Claim 22 has been canceled. 

Response to Rejections Under Section 101: 

Claim 25 has been amended to proper form. 

Response to Rejections Under Section 103: 
In claim 7 Applicant claims in part: 

providing the status information with a digital signature calculated from the status 
information by a private key for an asymmetrical encoding method, wherein the private 
key is associated with a first control unit associated with the communication terminal 
for the resolution and/or conversion of network addresses, and is stored remote from 
the communication terminal 
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As disclosed, the communication terminal may include a telephone or PC based communication 
terminal ("endpoints"), and control units may include gatekeepers. (Paragraphs 12-13). Thus, as 
Applicant claims, the private key is associated with a first control unit, such as a gatekeeper, or 
in particular, the gatekeeper that is controlling the communication terminal. In order to clarify 
Applicant's meaning, Applicant has added that the private key being used "is stored remote 
from the communication terminal," as supported at least by paragraph 17. In contrast, Lewis 
discloses a telephone that authenticates itself using an "internally stored identity private key" 
113. (Abstract). Lewis does not teach or suggest using a private key that is associated with the 
first control unit. The private key used in Lewis is thus stored within the communication 
terminal, as opposed to Applicant's private key, which is associated with a first control unit and 
stored remote from the communication terminal. Therefore, the combination of Furuno and 
Lewis do not teach or suggest this limitation of Applicant's claim 7. Applicant respectfully 
requests that the 35 USC 103 rejection of claim 7, and claims 8-20 which depend from and 
include all the limitations of claim 7, based on Furuno and Lewis, be withdrawn. 

Similarly, in claim 26 Applicant claims in part 

said status information is to be provided with a digital signature that is calculated from 
the status information by means of a private key for an asymmetrical encoding 
method associated with a first control unit associated with the communication terminal 
for the resolution and/or conversion of network addresses, wherein said private key is 
stored remote from the communication terminal 

As argued above, Lewis teaches using a private key stored within the communication terminal 
for authentification purposes, where Applicant claims using a private key associated with a first 
control unit and stored remote from the communication terminal. Therefore, the 
combination of Furuno and Lewis do not teach or suggest this limitation of Applicant's claim 26. 
Applicant respectfully requests that the 35 USC 103 rejection of claim 26, based on Furuno and 
Lewis, be withdrawn. 
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Conclusion 

Applicants respectfully request reconsideration and allowance of the present application 
in view of the foregoing arguments. The commissioner is hereby authorized to charge any 
appropriate fees due in connection with this paper, including the fees specified in 37 C.F.R. §§ 
1.16 (c), 1.17(a)(1) and 1.20(d),' or credit any overpayments to Deposit Account No. 19-2179. 

Respectfully submitted, 



Dated: jjJ&L g^^ g By: /O- ^fe^ 



Janet D. Hood 
Registration No. 6 1 , 1 42 
(407) 736-4234 



Siemens Corporation 
Intellectual Property Department 
170 Wood Avenue South 
Iselin, New Jersey 08830 
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I Description 

METHOD AND CONTROL PROGRAM FOR OPERATING A COMMUNICATION 
TERMINAL FOR PACKET ORIENTED DATA TRANSMISSION 

CROSS REFERENCE TO RELATED APPLICATIONS 
[0001] This application is the US National Stage of International Application No. 
PCT/EP2004/00313L filed March 24, 2004 and claims the benefit thereof. The International 
Application claims the benefits of German application No. 10314559.L filed March 3 1. 
2003. both applications are incorporated by reference herein in their entirety. 

FIELD OF INVENTION 
[0002] The invention relates to a method and a control program for operating a 
communication terminal for packet-oriented data transmission. 

SUMMARY OF THE INVENTION 
[0003] The Internet Protocol (IP) for packet-oriented, connectionless data transmission 
is not only used purely for data transfer. Due to the increasing installation of IP-based 
networks, such as Intranets and Extranets, the use of the Internet Protocol is an interesting and 
cost-effective alternative to traditional communication structures for voice and image signal 
transmission also. Voice signal transmission using the Internet Protocol, Voice-over-IP 
(VoIP), competes in particular with classical, connection-oriented voice networks. With 
regard to the use of the Internet Protocol for voice signal transmission, its real-time behavior 
is of key importance. This real-time behavior is determined by the minimization of data 
packet losses and delay times, especially as users only accept minimal delays in the case of 
voice signal transmission. 

[0004] The incorporation and use of existing telecommunication systems will also be 
critical for the acceptance of Voice-over-IP. On the user side, there is in fact major economic 
interest in the continued use of previous, conventional telecommunication systems including 
all the familiar features. Voice-over-EP is planned as the replacement for conventional PBX 
technology and provides a basis for the continuing integration of voice, data and video 
services, for example in the context of multimedia conferences, application sharing, and call 

center applications. As a result of the simplification of operating functions for data and voice, 
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potential synergies can be exploited. Moreover, Voice-over-EP makes standardized 
environments possible with interfaces to conventional telecommunication systems, including 
public telecommunication networks. 

[0005] Possible application scenarios for Voice-over-IP in an Intranet envision site- 
based DP telephone gateways, over which calls are routed from a telecommunication system. 
Such a gateway has the task of supporting signaling, standard protocols, and also vendor- 
specific protocols. Currently, Voice-over-DP - including integration in existing 
telecommunications systems - still displays a number of weak spots with regard to signaling, 
available features, and suitable network management systems. In the case of the latter, 
requirements include overall monitoring and management of formerly separate voice and data 
communication. 

[0006] In many VoIP telephone networks, VoIP terminals hold data about their status 
in a memory associated with the respective VoIP terminal. The unit's status includes, for 
example, information such as directory number, programmed key assignments, and activated 
features. Usually, a control unit known as a gatekeeper is associated with a VoIP terminal in 
VoIP telephone networks, which carries out the onward switching of call signaling and also 
the resolution or conversion of network addresses or telephone numbers, for example. As a 
rule, therefore, gatekeepers are provided primarily for access authorizations and security 
aspects. Additionally, gatekeepers can also be allocated tasks in the fields of charge logging, 
charge allocation or bandwidth management for the purposes of ensuring a prescribed quality 
of service. 

[0007] If a gatekeeper in a VoIP telephone network fails, VoIP terminals are affected 
in particular, losing their association in the VoIP telephone network as a result. The re- 
association of the affected VoIP terminals with an alterative gatekeeper represents a security 
problem in this connection, since the affected VoIP terminals have usually not yet been 
registered by the alternative gatekeeper. 

[0008] The object underlying the present invention is therefore to specify a method for 
operating a communication terminal for packet-oriented data transmission and also an 
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efficient implementation of the method, which enables the secure re-association of the 
communication terminal with an alternative control unit following the failure of a previously 
associated control unit. 

[0009] This object is achieve d bv the claims a cc o rdi ng to the invention by a method 
with the features specified in claim 1 and a control program with the features specified in 
claim 6 . Advantageous developments of the present invention are specified in the dependent 
claims. 

[0010] An essential aspect of the present invention consists in the fact that a piece of 
status information stored, for a communication terminal, in an associated memory unit is 
provided with a digital signature. The digital signature is calculated from the status 
information by means of a private key for an asymmetrical encoding method, which is 
associated with a first control unit associated with the communication terminal for the 
resolution and/or conversion of network addresses. If the first control unit fails, a request is 
transmitted comprising the status information and the digital signature to associate the 
communication terminal with at least one second control unit and the digital signature is 
checked, for example by the second control unit. In the event of a positive check result, the 
communication terminal is associated with the second control unit. The unauthorized 
infiltration of a VoIP terminal at a control unit provided for association, such as a gatekeeper, 
can be prevented in this way. 

[0011] In the following, the present invention is explained in detail using an 

exemplary embodiment on the basis of the drawing. The figures show: 

Figure 1 shows a schematic representation of an application environment of the present 
invention, and 

Figure 2 shows a flowchart for a method and control program for operating a 
communication terminal for packet-oriented data transmission. 

DETAILED DESCRIPTION OF THE INVENTION 
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[0012] The application environment of the present invention represented 
schematically in Figure 1 includes a local packet-switching data network 101, which 
interconnects a plurality of VoIP telephones 111-113, PC-based communication terminals 
121-122, gatekeepers 13 1-133, a router 102, and a gateway 103. The VoIP telephones 111- 
113 and the PC-based communication terminals 121-122 represent communication terminals 
for packet-oriented data transmission, where the VoIP telephones 1 1 1-1 13 are only used for 
voice signal transmission. 

[0013] The gatekeepers 13 1-133 are provided as central control elements for the 
forwarding of call signaling and also the resolution and/or conversion of telephone numbers 
and network addresses. Apart from this, the gatekeepers 131-133 log charges and allocate 
them to network users and/or services. The gatekeepers 131-133 represent important 
components for Voice-over-IP, since software for the management of zones and call services 
is installed on them and runs there. 

[0014] The router 102 is provided as a switching element between the local packet- 
switching data network 101 and a further IP-based network 104, such as the Internet, and 
connects the local, IP-based packet-switching data network 101 and the further IP-based 
network 104 to each other on the network layer as defined in the OSI reference model. The 
router 102 chiefly carries out tasks in the field of protocol conversion and data rate adaptation. 

[0015] The gateway 103 includes hardware and software in order to interconnect 
networks of different types. In the present case, the gateway 103 connects a public telephone 
network 105 to the local, TP -based packet-switching data network 101 by means of protocol 
conversion. In particular, the gateway 103 has the task of transmitting messages from one 
network to another, which primarily requires a communication protocol conversion. 
Furthermore, the gateway 402 -103 is capable of completely resolving protocols and represents 
an addressable network node both from the viewpoint of the public telephone network 105 
and also from the viewpoint of the local packet-switching data network 101. A complete 
protocol conversion carried out by the gateway 103 includes conversion of addresses and 
formats, conversion of the coding, buffer storage of data packets, confirmation of packets, 
flow control, and also speed adaptation. 
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[0016] Status information is stored, for each of the communication terminals 1 1 1-1 13, 
121-122, in a memory unit of the respective communication terminal. This status information 
includes, for example, call lists, redirections, programmed key assignments and activated 
features, and value-added services. In this respect, the status information is managed in the 
form of data containers in the respective memory unit and is continuously updated by a 
gatekeeper 131 to 133 associated with the respective communication terminal 111-113, 121- 
122. The storage of the status information corresponds to Step 201 in the flowchart shown in 
Figure 2, while the updating of the status information corresponds to Step 210. 

[0017] Furthermore, a digital signature is generated (Step 202), with which the 
respective status information is provided. The digital signature is calculated respectively from 
the status information stored in the respective memory by means of a private key for an 
asymmetrical encoding method and stored in the respective memory unit together with the 
status information. In the process, the respective digital signature is calculated by means of 
the private key which is associated with the gatekeeper 131-133 associated with the respective 
communication terminal 1 1 1-1 13, 121-122. A public key for checking a digital signature of a 
respective gatekeeper 131-133 is deposited in a form capable of being interrogated in the 
respective other gatekeepers. In general, the public keys are deposited in such a way that said 
public keys are available to all gatekeepers within an IP telephone domain. 

[0018] The continuous updating of the status information is reflected in Step 203, in 
which an inquiry is made as to whether there is a change to the status information, and in Step 
210, in which a piece of status information is updated where relevant. The failure of a 
gatekeeper 131 initially associated with a communication terminal 1 11-1 13, 121-122 is 
established by the communication terminals affected by the failure whenever a cyclical 
updating of status information no longer functions. As a result, the communication terminals 
are capable of recognizing the failure of a gatekeeper (Step 204). 

[0019] If the initially associated gatekeeper 131 actually fails, then the communication 
terminals affected by the failure transmit a message containing a request to associate the 
respective communication terminal with at least one alternative gatekeeper 132-133. The 
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message containing the request to associate the communication terminals affected by the 
failure includes the status information together with the digital signature stored in the 
respective communication terminals. A list containing alternative gatekeepers should 
preferably be stored additionally in each communication terminal in order that communication 
terminals affected by the failure of a gatekeeper can select an alternative gatekeeper in an 
evenly distributed manner. An automatic load distribution is ensured in this way. The 
transmission of the message containing a request to associate an alternative gatekeeper 
corresponds to Step 205 of the flowchart shown in Figure 2. 

[0020] The alternative gatekeeper 132433, which has received a message containing a 
request to associate a communication terminal, firstly checks the digital signature included in 
the message (Step 206). If the digital signature is calculated from a hash value ascertained for 
the status information for example, a hash value is calculated for the status information 
transmitted by a communication terminal by one of the alternative gatekeepers 132-133 for 
the purposes of checking the digital signature and said hash value is compared for a match 
with a digital signature decoded by using a public key associated with the failed gatekeeper 
131. A message digest no. 5 algorithm (MD5) can be used for calculating the digital signature, 
for example. To complete the checking of the digital signature, the check result is 
interrogated, as reflected in Step 207 of the flowchart shown in Figure 2. 

[0021] If the digital signature cannot be checked successfully, the re-association of the 
respective communication terminal affected by the failure of the previously associated 
gatekeeper 131 with an alternative gatekeeper 132-133 is rejected (Step 208). In the event of a 
positive check result, the communication terminal is associated with the respective alternative 
gatekeeper 132-133 (Step 209) and the status information for the communication terminal is 
updated where relevant (Step 210). 

[0022] The method described for operating a communication terminal for packet- 
oriented data transmission can be implemented in the form of a control program, for example. 
In the case of a local implementation of the method, control programs are installed in the 
communication terminals which can be loaded into a working memory of a respective PC- 
based communication terminal and which display blocks of code, in the execution of which 

2003P0444WOUS Substitute Specification - Marked Up - Responsive to 
OA of 08/19/2008 



7 



the steps described in the foregoing are carried out and/or initiated if the respective control 
program is running on the respective PC-based communication terminal. Steps for checking a 
digital signature and for associating a new gatekeeper can be carried out by control programs 
installed in the alternative gatekeepers. 

[0023] The present invention is not limited to the exemplary embodiment described 
here. 
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